Digest of Overview of Linux Kernel Security Features
Linux kernel Security:
I. DAC: Discretionary Access Control, the core security model of UNIX.
II. POSIX ACL: Extended DAC
III. Namespaces
Derived from Plan 9.
Process has its own view of resources, for example filesystem.
IV. Network Security: Netfilters
1. iptables: network layer
2. ebtables: link layer and linux bridge
3. arptables: for arp protocol
4. IPsec: network layer
V. Cryptography
1. Cryptographic API, such as IPsec
2. Disk encryption, such as ecryptfs and dm-crypt
3. kernel module signature
VI. LSM: Linux Security Modules
1. MAC: Mandatory Access Control
i. SELinux: Security Enhanced Linux
ii. Smack: Simplified MAC Kernel?
iii. AppArmor: Used by Ubuntu and OpenSUSE
iv. TOMOYO: path-based security
v. Yama
VII. Audit
VIII. Seccomp: Secure computing
IX. Integrity management
X. Hardening and Platform Security
for example: ASLR--Address Space Layout Randomization
This is a guest post from James Morris, the Linux kernel security subsystem maintainer and manager of the mainline Linux kernel development team at Oracle.
URL: https://www.linux.com/learn/overview-linux-kernel-security-features